Top stories.
- Klue supply-chain attack impacts cybersecurity firms.
- Brand-new Prinz Eugen ransomware is surprisingly polished.
- Brazil investigates suspected hack of emergency alert system.
- Texas data breach affects hunting and fishing licensees.
Klue supply-chain attack impacts cybersecurity firms.
Market intelligence platform Klue has confirmed a breach of its integration infrastructure, leading to supply-chain attacks affecting its enterprise customers. Multiple cybersecurity firms were impacted by the incident, including Huntress, Recorded Future, Tanium, and Jamf. An increasing number of other organizations are disclosing that they were affected, including social media management tool Sprout Social, sales intelligence platform Gong, and insurance software provider Insurity.
Klue stated, "On June 12, we identified unauthorized activity affecting a portion of Klue’s integration infrastructure....Our investigation determined that an attacker gained access through a compromised legacy credential associated with an integration service. The attacker used that access to obtain OAuth tokens used to connect Klue with certain third-party platforms, including Salesforce, and subsequently accessed data within a number of connected customer environments." ReliaQuest, which discovered the attack, said in its analysis, "The attacker authenticated to targets’ Klue integration service accounts, generated OAuth tokens, and ran what appear to be automated scripts to pull large volumes of CRM records through the Salesforce REST API over roughly 24 hours, including a concentrated burst of nearly a thousand queries in 15 minutes and sustained extraction windows lasting over 6 hours."
BleepingComputer reported late last week that the Icarus extortion group was behind the attack, and the gang has since claimed responsibility on its leak site. Huntress identified technical evidence indicating with "high confidence" that Icarus's claims are legitimate.
Brand-new Prinz Eugen ransomware is surprisingly polished.
Researchers at ThreatDown are tracking a new Go-based ransomware family called "Prinz Eugen" that's unusually sophisticated for a nascent strain of ransomware. ThreatDown says the encryptor is "built with enough care to prioritize high-pressure files, verify encrypted output, remove originals when instructed, and reduce forensic recovery opportunities before exiting." The malware doesn't drop a ransom note on the infected system, and instead moves ransom negotiations to a separate channel in order to minimize forensic evidence.
Notably, the ransomware prioritizes recently modified files, which ThreatDown says are "most likely to be in active use (open documents, current databases, recently saved project files, fresh email archives) and the least likely to have a recent backup."
Brazil investigates suspected hack of emergency alert system.
Brazilian authorities are investigating a suspected hack of the nation's emergency alert system after an unauthorized alert was sent to users across five states, including residents of São Paulo, Rio de Janeiro, and Brasilia, the Register reports. The messages, which were sent through the Defesa Civil Nacional's platform for severe weather alerts, contained the single word "misantropi4," a leetspeak version of the Portuguese word for "misanthropy."
The country's National Telecommunications Agency, Anatel, said in a statement, "There is currently no reason for concern on the part of the population as a result of the messages received." The government has taken the alert system offline to investigate the incident.
Texas data breach affects hunting and fishing licensees.
The Texas Parks and Wildlife Department (TPWD) has disclosed that one of its vendors sustained a data breach affecting more than 3 million Texans, SecurityWeek reports. The unnamed vendor handles the state's sale of hunting and fishing licenses, and the breach affected customers who obtained licenses through the vendor. A Kroll webpage on the incident states, "The investigation indicates that an unauthorized actor may have obtained driver license information, passport numbers (if provided), email addresses, phone numbers and residential addresses."
It's unclear when the unauthorized access began; the TPWD says it was notified by Texas Cyber Command on May 13, 2026. The TPWD is offering one year of free credit monitoring for victims, noting that many of its own staff were affected by the breach.